author: bad <bad@pkgsrc.org> 2005-02-21 23:26:24 +0000
committer: bad <bad@pkgsrc.org> 2005-02-21 23:26:24 +0000
commit: 6884c89897ce850fe90ef484042b5156eb1e69a3
tree: 893bb7ea2323a19f857afdde4e11c58ee8a71937 /net/openvpn
parent: f423e8ead429ae84f548461853d305eb4f6f9857
Update openvpn to 1.6.0.
While here port it properly so that the route statements in the configuration file work. Also add patches so that der Mouse's if_tap driver can be used.

Changes since 1.5.0:

2004.05.09 -- Version 1.6.0

* Unchanged from 1.6-rc4 except for version number upgrade.

2004.04.01 -- Version 1.6-rc4

* Made minor customizations to devcon and renamed as tapinstall.exe for Windows version.
* Fixed "storage size of `iv' isn't known" build problem on FreeBSD.
* OpenSSL 0.9.7d bundled with Windows self-install.

2004.03.13 -- Version 1.6-rc3

* Minor Windows fixes for --ip-win32 dynamic, relating to the way the TAP-Win32 driver responds to a DHCP request from the Windows DHCP client.
* The net_gateway environmental variable wasn't being set correctly for called scripts (Paul Zuber).
* Added code to determine the default gateway on FreeBSD, allowing the --redirect-gateway option to work (Juan Rodriguez Hervella).

2004.03.04 -- Version 1.6-rc2

* Fixed bug in Windows version where the NetBIOS node-type DHCP option might have been passed even if it was not specified.
* Fixed bug in Windows version introduced in 1.6-rc1, where DHCP timeout would be set to 0 seconds if --ifconfig option was used and --ip-win32 option was not explicitly specified.
* Added some new --dhcp-option types for Windows version.

2004.03.02 -- Version 1.6-rc1

* For Windows, make "--ip-win32 dynamic" the default.
* For Windows, make "--route-delay 10" the default unless --ip-win32 dynamic is not used or --route-delay is explicitly specified.
* L_TLS mutex could have been left in a locked state for certain kinds of TLS errors.

2004.02.22 -- Version 1.6-beta7

* Allow scheduling priority increase (--nice) together with UID/GID downgrade (--user/--group).
* Code that causes SIGUSR1 restart on TLS errors in TCP mode was not activated in pthread builds.
* Save the certificate serial number in an environmental variable called tls_serial_{n} prior to calling the --tls-verify script. n is the current cert chain level.
* Added NetBSD IPv6 tunnel capability (also requires a kernel patch) (Horst Laschinsky).
* Fixed bug in checking the return value of the nice() function (Ian Pilcher).
* Bug fix in new FreeBSD IPv6 over TUN code which was originally added in 1.6-beta5 (Nathanael Rensen).
* More Socks5 fixes -- extended the struct frame infrastructure to accommodate proxy-based encapsulation overhead.
* Added --dhcp-option to Windows version for setting adapter properties such as WINS & DNS servers.
* Use a default route-delay of 5 seconds when --ip-win32 dynamic is specified (only applicable when --route-delay is not explicitly specified).
* Added "log_append" registry variable to control whether the OpenVPN service wrapper on Windows opens log files in append (log_append="1") or truncate (log_append="0") mode. The default is truncate.

2004.02.05 -- Version 1.6-beta6

* UDP over Socks5 fix to accommodate Socks5 encapsulation overhead (Christof Meerwald).
* Minor --ip-win32 dynamic tweaks (use long lease time, invalidate existing lease with DHCPNAK).

2004.02.01 -- Version 1.6-beta5

* Added Socks5 proxy support (Christof Meerwald).
* IPv6 tun support for FreeBSD (Thomas Glanzmann).
* Special TAP-Win32 debug mode for Windows self-install that was enabled in beta4 is now turned off.
* Added some new Solaris notes to INSTALL (Koen Maris).
* More work on --ip-win32 dynamic.

2004.01.27 -- Version 1.6-beta4

* For this beta, the Windows self-install is a debug version and will run slower -- use only for testing.
* Reverted the --ip-win32 default back to 'ipapi' from 'dynamic'.
* Added the offset parameter to '--ip-win32 dynamic' which can be used to control the address of the masqueraded DHCP server which replies to Windows DHCP requests.
* Added a wait/nowait option to --inetd (nowait can only be used with TCP sockets, TLS authentication, and over a bridged configuration -- see FAQ for more info) (Stefan `Sec` Zehl).
* Added a build-time capability where TAP-Win32 driver debug messages can be output by OpenVPN at --verb 6 or higher.

2004.01.20 -- Version 1.6-beta2

* Added ./configure --enable-iproute2 flag which uses iproute2 instead of route + ifconfig -- this is necessary for the LEAF Linux distro (Martin Hejl).
* Added renewal-time and rebind-time to set of DHCP options returned by the TAP-Win32 driver when "--ip-win32 dynamic" is used.

2004.01.14 -- Version 1.6-beta1

* Fixed --proxy bug that sometimes caused plaintext control info generated by the proxy prior to http CONNECT method establishment to be incorrectly parsed as OpenVPN data.
* For Windows version, implemented the "--ip-win32 dynamic" method and made it the default. This method sets the TAP-Win32 adapter IP address and netmask by replying to the kernel's DHCP queries. See the man page for more detailed info.
* Added --connect-retry parameter which controls the time interval (in seconds) between connect() retries when --proto tcp-client is used. Previously, this value was hardcoded to 5 seconds, and still defaults as such.
* --resolv-retry can now be used with a parameter of "infinite" to retry indefinitely.
* Added SSL_CTX_use_certificate_chain_file() to ssl.c for support of multi-level certificate chains (Sten Kalenda).
* Fixed --tls-auth incompatibility with 1.4.x and earlier versions of OpenVPN when the passphrase file is an OpenVPN static key file (as generated by --genkey).
* Added shell-escape support in config files using the backslash character ("\") so that (for example) double quotes can be passed to the shell.
* Added "contrib" subdirectory on tarball, source zip, and CVS containing user-submitted contributions.
* Added an optional patch to the Redhat init script to allow the configuration file directory to be a multi-level directory hierarchy (Farkas Levente). See contrib/multilevel-init.patch
* Added some scripts and documentation on using Linux "fwmark" iptables rules to enable fine-grained routing control over the VPN (Sean Reifschneider, <jafo@tummy.com>). See contrib/openvpn-fwmarkroute-1.00
Diffstat (limited to 'net/openvpn')
-rw-r--r-- net/openvpn/Makefile 5
-rw-r--r-- net/openvpn/distinfo 9
-rw-r--r-- net/openvpn/patches/patch-aa 40
-rw-r--r-- net/openvpn/patches/patch-ab 13
-rw-r--r-- net/openvpn/patches/patch-ac 45
5 files changed, 106 insertions, 6 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index 0bf7a533be0..f24dfa192bf 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2004/10/03 00:17:57 tv Exp $
+# $NetBSD: Makefile,v 1.6 2005/02/21 23:26:24 bad Exp $
-DISTNAME= openvpn-1.5.0
-PKGREVISION= 2
+DISTNAME= openvpn-1.6.0
CATEGORIES= net security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openvpn/}
diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo
index 67a33d4d65c..05ed0472efa 100644
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@@ -1,4 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2004/02/10 12:39:17 wulf Exp $
+$NetBSD: distinfo,v 1.2 2005/02/21 23:26:24 bad Exp $
-SHA1 (openvpn-1.5.0.tar.gz) = 13f443adbff5c657cfd8400011e8df804b57f7ff
-Size (openvpn-1.5.0.tar.gz) = 403792 bytes
+SHA1 (openvpn-1.6.0.tar.gz) = 1a7a4e1b610564902f50b488f19254ab9a1f9c7e
+Size (openvpn-1.6.0.tar.gz) = 430324 bytes
+SHA1 (patch-aa) = 1467b3f2cacc16657e88bc292c778ef7cfc48d66
+SHA1 (patch-ab) = b32248e2d9dc6dfdf015d86873770544a214103b
+SHA1 (patch-ac) = b689cd044be21205eb4c53edd856ea2161b45cc1
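Review bot: the new SHA1 (openvpn-1.6.0.tar.gz) line leaves the distfile's integrity resting on a single SHA1 digest plus the Size entry; recording a second, stronger digest for the tarball next to it would keep the check meaningful if SHA1 is ever weakened. The three SHA1 (patch-a?) entries also have to be regenerated if any of the patch files added in this commit is touched again, otherwise the recorded checksums will no longer match the files.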
diff --git a/net/openvpn/patches/patch-aa b/net/openvpn/patches/patch-aa
new file mode 100644
index 00000000000..2fbe72acbde
--- /dev/null
+++ b/net/openvpn/patches/patch-aa
@@ -0,0 +1,40 @@
+$NetBSD: patch-aa,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- route.c.orig Sun Mar 14 06:34:20 2004
++++ route.c Tue Feb 22 00:02:54 2005
+@@ -626,7 +626,7 @@
+ msg (D_ROUTE, "%s", BSTR (&buf));
+ status = system_check (BSTR (&buf), "ERROR: FreeBSD route add command failed", false);
+
+-#elif defined(TARGET_OPENBSD)
++#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+
+ buf_printf (&buf, ROUTE_PATH " add");
+
+@@ -641,7 +641,7 @@
+ netmask);
+
+ msg (D_ROUTE, "%s", BSTR (&buf));
+- status = system_check (BSTR (&buf), "ERROR: OpenBSD route add command failed", false);
++ status = system_check (BSTR (&buf), "ERROR: Net/OpenBSD route add command failed", false);
+
+ #else
+ msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
+@@ -713,7 +713,7 @@
+ msg (D_ROUTE, "%s", BSTR (&buf));
+ system_check (BSTR (&buf), "ERROR: FreeBSD route delete command failed", false);
+
+-#elif defined(TARGET_OPENBSD)
++#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+
+ buf_printf (&buf, ROUTE_PATH " delete -net %s %s -netmask %s",
+ network,
+@@ -721,7 +721,7 @@
+ netmask);
+
+ msg (D_ROUTE, "%s", BSTR (&buf));
+- system_check (BSTR (&buf), "ERROR: OpenBSD route delete command failed", false);
++ system_check (BSTR (&buf), "ERROR: Net/OpenBSD route delete command failed", false);
+
+ #else
+ msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
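Review bot: in both branches widened to TARGET_NETBSD, the route command is assembled with buf_printf from the network and netmask strings and handed to system_check as one string, and this commit is what makes route statements from the configuration file reach that path on NetBSD, so it is worth confirming (or noting in the patch header) that those values are validated as addresses before they are formatted in. The delete branch also discards the result of system_check, where the add branch stores it in status, so a failed route delete on NetBSD is only visible in the log. As a style point, "Net/OpenBSD route add command failed" does not tell the reader which system produced it; a message naming the actual target would be easier to act on.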
diff --git a/net/openvpn/patches/patch-ab b/net/openvpn/patches/patch-ab
new file mode 100644
index 00000000000..03ca5e6a072
--- /dev/null
+++ b/net/openvpn/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- syshead.h.orig Thu Apr 1 13:52:34 2004
++++ syshead.h Tue Feb 22 00:09:49 2005
+@@ -247,6 +247,8 @@
+ #include <net/if_tun.h>
+ #endif
+
++#include <net/if_ether.h>
++
+ #endif /* TARGET_NETBSD */
+
+ #ifdef WIN32
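Review bot: the added #include <net/if_ether.h> sits unguarded just before #endif /* TARGET_NETBSD */, while the <net/if_tun.h> include directly above it is wrapped in a conditional that ends at the preceding #endif; giving the new include the same kind of configure-detected guard would keep the build working on NetBSD systems where the header is missing. A one-line comment saying the header is pulled in for ETHER_MIN_LEN, which patch-ac uses in tun.c, would also document why it is here.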
diff --git a/net/openvpn/patches/patch-ac b/net/openvpn/patches/patch-ac
new file mode 100644
index 00000000000..908061e7b8f
--- /dev/null
+++ b/net/openvpn/patches/patch-ac
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- tun.c.orig Thu Apr 1 13:54:57 2004
++++ tun.c Tue Feb 22 00:14:00 2005
+@@ -579,7 +579,13 @@
+ tun_mtu
+ );
+ else
+- no_tap_ifconfig ();
++ openvpn_snprintf (command_line, sizeof (command_line),
++ IFCONFIG_PATH " %s %s netmask %s mtu %d up",
++ actual,
++ ifconfig_local,
++ ifconfig_remote_netmask,
++ tun_mtu
++ );
+ msg (M_INFO, "%s", command_line);
+ system_check (command_line, "NetBSD ifconfig failed", true);
+ tt->did_ifconfig = true;
+@@ -1263,6 +1269,25 @@
+ int
+ write_tun (struct tuntap* tt, uint8_t *buf, int len)
+ {
++ if (tt->type == DEV_TYPE_TAP)
++ {
++ /* NetBSD's /dev/tap doesn't pad ethernet frames to the minimum length. */
++ ssize_t rv;
++ struct iovec iv[2];
++ char pad[ETHER_MIN_LEN];
++
++ iv[0].iov_base = buf;
++ iv[0].iov_len = len;
++ iv[1].iov_base = &pad;
++ iv[1].iov_len = ETHER_MIN_LEN - len;
++
++ rv = writev(tt->fd, iv, (len < ETHER_MIN_LEN) ? 2 : 1);
++ if (rv > len)
++ return len;
++ else
++ return rv;
++ }
++ else
+ return write (tt->fd, buf, len);
+ }
+
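Review bot: in the write_tun hunk, char pad[ETHER_MIN_LEN] is never initialised before it is used as iv[1], so every frame shorter than ETHER_MIN_LEN is padded with up to ETHER_MIN_LEN - len bytes of stale stack contents that are written to the tap device along with the packet; zero the buffer first, for example with memset (pad, 0, sizeof (pad)), or declare it static and zeroed. iv[1].iov_len = ETHER_MIN_LEN - len is also computed when len is already at or above ETHER_MIN_LEN, where it wraps to a very large size_t and is harmless only because the iovec count passed to writev is then 1; setting it inside a len < ETHER_MIN_LEN branch would make that dependency explicit. The trailing return write (tt->fd, buf, len); should be indented under the new else. In the first hunk, the command that replaces no_tap_ifconfig () formats ifconfig_local and ifconfig_remote_netmask into a string passed to system_check, so the same validation question applies to those two values.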